Hyperledger Besu
cpe:2.3:a:linuxfoundation:besu:*:*:*:*:*:*:*
- >= 24.7.1, <= 25.2.2
A consensus bug has been identified in Hyperledger Besu versions 24.7.1 through 25.2.2, related to the ALTBN128_ADD, ALTBN128_MUL, and ALTBN128_PAIRING precompile functions. This issue arises from the gnark-crypto implementation used in besu-native, which improperly relied on subgroup checks to validate whether elliptic curve points were on the curve. As a result, specially crafted input points could lead to incorrect outcomes, causing nodes to fall out of consensus. This problem could also result in the propagation of invalid state in homogeneous Besu-only networks.
Exploitation of this vulnerability can lead to consensus errors in the Ethereum network, causing nodes to process transactions incorrectly and potentially accept invalid state changes.
Users can upgrade to Hyperledger Besu version 25.3.0 and besu-native version 1.3.0, both of which address this vulnerability. Alternatively, in affected versions of Besu, the native ALTBN128 precompile can be disabled in favor of the pure Java implementation, which, while slower, does not have the same consensus issue.
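The description above turns on the difference between a subgroup check and an explicit on-curve check. The following added example (not code from Besu, besu-native or gnark-crypto) shows the explicit validation of a G1 input point as EIP-196 defines it: canonical coordinates, then the curve equation y^2 = x^3 + 3 over the base field. The function names and sample inputs are assumptions made for illustration, and the G2 points used by ALTBN128_PAIRING are not covered.

```go
package main

import (
	"errors"
	"fmt"
	"math/big"
)

// Base field modulus p of alt_bn128 (BN254), as given in EIP-196.
var fieldP, _ = new(big.Int).SetString("21888242871839275222246405745257275088696311157297823662689037894645226208583", 10)

var (
	ErrLength     = errors.New("point must be 64 bytes")
	ErrCoordinate = errors.New("coordinate not less than field modulus")
	ErrNotOnCurve = errors.New("point is not on the curve")
)

// ValidateG1 (hypothetical name) checks a 64-byte big-endian x||y point:
// canonical coordinates first, then y^2 = x^3 + 3 (mod p). (0,0) is infinity.
func ValidateG1(in []byte) error {
	if len(in) != 64 {
		return ErrLength
	}
	x, y := new(big.Int).SetBytes(in[:32]), new(big.Int).SetBytes(in[32:])
	if x.Cmp(fieldP) >= 0 || y.Cmp(fieldP) >= 0 {
		return ErrCoordinate
	}
	if x.Sign() == 0 && y.Sign() == 0 {
		return nil
	}
	lhs := new(big.Int).Exp(y, big.NewInt(2), fieldP)
	rhs := new(big.Int).Exp(x, big.NewInt(3), fieldP)
	rhs.Add(rhs, big.NewInt(3)).Mod(rhs, fieldP)
	if lhs.Cmp(rhs) != 0 {
		return ErrNotOnCurve
	}
	return nil
}

// EncodeG1 builds constructed sample input from small coordinates.
func EncodeG1(x, y int64) []byte {
	out := make([]byte, 64)
	big.NewInt(x).FillBytes(out[:32])
	big.NewInt(y).FillBytes(out[32:])
	return out
}

func main() {
	fmt.Println(ValidateG1(EncodeG1(1, 2)), ValidateG1(EncodeG1(1, 3)))
}
```

Running the same inputs through two client implementations and comparing accept/reject results is a practical way to catch this class of divergence before it reaches consensus.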